Re: Database Encryption (now required by law in Italy)
| От | Lamar Owen |
|---|---|
| Тема | Re: Database Encryption (now required by law in Italy) |
| Дата | |
| Msg-id | 200403060855.12265.lowen@pari.edu обсуждение исходный текст |
| Ответ на | Re: Database Encryption (now required by law in Italy) ("scott.marlowe" <scott.marlowe@ihs.com>) |
| Ответы |
Re: Database Encryption (now required by law in Italy)
|
| Список | pgsql-admin |
On Friday 05 March 2004 03:34 pm, scott.marlowe wrote: > Sorry, but that's the wrong answer. Once someone has root on a unix box > her can do ANYTHING he wants. and he can cover his tracks. This is what things like the capabilities system and SELinux are designed to prevent in the Linux world. As Fedora Core 2 will ship with SELinux installed and enabled, it will become much more difficult for someone to randomly get root and do damage. It is quite simple with SELinux to prevent any of the attacks you mentioned. Root is no longer root. Things on an SELinux system, or a system fully implementing the kernel capabilities model, can indeed be locked away from root, at least in network attached multiuser mode. This does, of course, make maintenance of the data more difficult; one must be at the console in a special mode to do full maintenance. But someone remotely cracking root no longer is the threat they once were, when some system like SELinux is in use. -- Lamar Owen Director of Information Technology Pisgah Astronomical Research Institute 1 PARI Drive Rosman, NC 28772 (828)862-5554 www.pari.edu
В списке pgsql-admin по дате отправления: